Solved Infected with tidserv trojan

[uNo]

Running Windows 7 and I began getting pop up notifcations from Norton SEP saying "tidserv activity detected" & "Web Attack: Blackhole Toolkit Website detected". I have already gone through the 8(6) steps and here are the logs: (Please Help)

Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6230

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/31/2011 6:27:16 PM
mbam-log-2011-03-31 (18-27-16).txt

Scan type: Quick scan
Objects scanned: 145648
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gmer.log:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-31 18:45:51
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS725050A9A364 rev.PC4OC70E
Running: qhflcuhb.exe; Driver: C:\Users\ul7o\AppData\Local\Temp\kxldapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 85B461F8
Device \Driver\atapi \Device\Ide\IdePort1 85B461F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85B461F8
Device \Driver\ag1277wm \Device\Scsi\ag1277wm1 86FA01F8
Device \Driver\ag1277wm \Device\Scsi\ag1277wm1Port2Path0Target0Lun0 86FA01F8
Device \FileSystem\Ntfs \Ntfs 85B481F8

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS725050A9A364_________________PC4OC70E#5&a3fa7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by ul7o at 19:00:53.86 on Thu 03/31/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2262 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\RealTemp_340\RealTemp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\ul7o\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource5\go\CTCMSGoU.exe" /SCB
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\realtemp.lnk - c:\program files\realtemp_340\RealTemp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn2.safelnk.net/dana-cached/sc/JuniperSetupClient.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ul7o\appdata\roaming\mozilla\firefox\profiles\18gf7str.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 20:23:42];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-8-26 87536]
R2 DUMeterSvc;DU Meter Service;c:\program files\du meter\DUMeterSvc.exe [2010-12-18 504832]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-30 102448]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\realtemp_340\WinRing0.sys [2010-12-18 14416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2011-03-30 02:13:45 -------- d-----w- c:\users\ul7o\appdata\roaming\Malwarebytes
2011-03-30 02:13:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 02:13:40 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-30 02:13:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 02:13:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 01:30:33 0 ----a-w- c:\users\ul7o\appdata\local\Xjuwayew.bin
2011-03-30 01:30:31 -------- d-----w- c:\users\ul7o\appdata\local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}
2011-03-30 00:58:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-30 00:58:25 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-30 00:58:25 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-30 00:58:25 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-30 00:58:25 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-30 00:58:25 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-30 00:58:25 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-30 00:58:25 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-17 21:42:43 -------- d-----w- c:\windows\system32\SPReview
2011-03-10 22:41:18 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-10 22:41:18 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-10 22:41:18 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-10 22:41:16 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 22:41:16 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-07 06:30:53 -------- d-----w- c:\windows\system32\EventProviders
2011-03-07 05:59:55 -------- d-----w- c:\windows\pss
2011-03-04 23:24:42 -------- d-----w- c:\progra~2\Maxtor
2011-03-04 23:23:44 -------- d-----w- c:\program files\Seagate
2011-03-04 23:21:33 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_HTS725050A9A364 rev.PC4OC70E -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll HSX_CNXT.sys >>UNKNOWN [0x86A04439]<<
c:\windows\system32\drivers\HSX_CNXT.sys Conexant Systems, Inc. SoftK56 Modem Driver
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86a0a7d0]; MOV EAX, [0x86a0a84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C54458] -> \Device\Harddisk0\DR0[0x869E1408]
3 CLASSPNP[0x8C2EE59E] -> ntkrnlpa!IofCallDriver[0x82C54458] -> [0x86875918]
5 ACPI[0x833B63B2] -> ntkrnlpa!IofCallDriver[0x82C54458] -> \IdeDeviceP0T0L0-0[0x85BAC590]
\Driver\atapi[0x869E5030] -> IRP_MJ_CREATE -> 0x86A04439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskHitachi_HTS725050A9A364_________________PC4OC70E#5&a3fa7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:01:18.93 ===============

DDS Attachement.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2010 7:28:29 PM
System Uptime: 3/31/2011 6:20:29 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FP985
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 75.601 GiB free.
D: is FIXED (NTFS) - 366 GiB total, 336.914 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP62: 3/17/2011 5:42:29 PM - Windows 7 Service Pack 1
RP63: 3/30/2011 12:39:57 AM - Windows Update
.
==== Installed Programs ======================
.
ACDSee Pro 3
Adobe AIR
Adobe Audition 3.0
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
BlackArmor Discovery
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D110 MDC V.92 Modem
Creative MediaSource 5
CyberLink PowerDVD 10
Definition update for Microsoft Office 2010 (KB982726)
Dell Wireless WLAN Card
DU Meter
High-Definition Video Playback 10
Java Auto Updater
Java(TM) 6 Update 23
Juniper Networks Host Checker
Juniper Networks Setup Client
K-Lite Mega Codec Pack 6.6.6
LiveUpdate 3.3 (Symantec Corporation)
Logitech QuickCam
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero Burning ROM 10
Nero Control Center 10
Nero Core Components 10
Nero Dolby Files 10
Nero Express 10
Nero Multimedia Suite 10
Nero StartSmart 10
NVIDIA Drivers
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
PDF Settings CS5
QT Lite 4.0.0
QuickSet
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SigmaTel Audio
Sound Blaster Audigy ADVANCED MB
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2289116)
Winamp
WinRAR archiver
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
3/31/2011 6:21:15 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
3/31/2011 6:19:14 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2011 9:44:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
3/30/2011 9:44:41 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:44:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
3/30/2011 9:44:11 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:43:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:43:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
3/30/2011 9:43:11 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:41:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
3/30/2011 9:41:19 PM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:40:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
3/30/2011 9:40:49 PM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:38:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
3/30/2011 9:38:57 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:38:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/30/2011 9:38:27 PM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:37:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/30/2011 9:37:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
3/30/2011 9:37:27 PM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:36:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
3/30/2011 9:36:57 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 9:36:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/30/2011 9:36:27 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 11:09:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/30/2011 11:09:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
3/30/2011 11:06:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/30/2011 11:06:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 11:04:06 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:49:58 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:47:58 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2011 10:29:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/30/2011 10:29:33 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/30/2011 10:28:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/30/2011 10:28:11 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2011 10:23:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
3/30/2011 10:23:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/29/2011 9:39:28 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/29/2011 9:22:47 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/29/2011 9:22:47 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
3/29/2011 9:17:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Symantec Endpoint Protection service, but this action failed with the following error: An instance of the service is already running.
3/29/2011 9:17:38 PM, Error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/29/2011 9:17:37 PM, Error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/29/2011 11:45:04 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
3/29/2011 10:09:44 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[uNo]

Done. Here is the TDSSkiller log:

2011/04/01 17:25:51.0681 6128 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 17:25:51.0702 6128 ================================================================================
2011/04/01 17:25:51.0702 6128 SystemInfo:
2011/04/01 17:25:51.0702 6128
2011/04/01 17:25:51.0703 6128 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/01 17:25:51.0703 6128 Product type: Workstation
2011/04/01 17:25:51.0703 6128 ComputerName: UL7O-PC
2011/04/01 17:25:51.0704 6128 UserName: ul7o
2011/04/01 17:25:51.0704 6128 Windows directory: C:\Windows
2011/04/01 17:25:51.0704 6128 System windows directory: C:\Windows
2011/04/01 17:25:51.0704 6128 Processor architecture: Intel x86
2011/04/01 17:25:51.0704 6128 Number of processors: 2
2011/04/01 17:25:51.0704 6128 Page size: 0x1000
2011/04/01 17:25:51.0704 6128 Boot type: Normal boot
2011/04/01 17:25:51.0704 6128 ================================================================================
2011/04/01 17:25:52.0116 6128 Initialize success
2011/04/01 17:26:12.0536 4204 ================================================================================
2011/04/01 17:26:12.0536 4204 Scan started
2011/04/01 17:26:12.0536 4204 Mode: Manual;
2011/04/01 17:26:12.0536 4204 ================================================================================
2011/04/01 17:26:13.0706 4204 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/01 17:26:13.0734 4204 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/01 17:26:13.0760 4204 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/01 17:26:13.0822 4204 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/01 17:26:13.0857 4204 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/01 17:26:13.0932 4204 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/01 17:26:13.0978 4204 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/01 17:26:14.0006 4204 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/01 17:26:14.0039 4204 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/01 17:26:14.0096 4204 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/01 17:26:14.0120 4204 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/01 17:26:14.0184 4204 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/01 17:26:14.0214 4204 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/01 17:26:14.0233 4204 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/01 17:26:14.0261 4204 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/01 17:26:14.0300 4204 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/01 17:26:14.0328 4204 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/01 17:26:14.0359 4204 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/01 17:26:14.0468 4204 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/01 17:26:14.0494 4204 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/01 17:26:14.0523 4204 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/01 17:26:14.0548 4204 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/01 17:26:14.0602 4204 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/01 17:26:14.0694 4204 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/01 17:26:14.0780 4204 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/01 17:26:14.0824 4204 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/04/01 17:26:14.0905 4204 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/01 17:26:14.0944 4204 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/01 17:26:14.0970 4204 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/01 17:26:14.0995 4204 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/01 17:26:15.0019 4204 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/01 17:26:15.0056 4204 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/01 17:26:15.0110 4204 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/01 17:26:15.0174 4204 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/01 17:26:15.0199 4204 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/01 17:26:15.0244 4204 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/01 17:26:15.0262 4204 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/01 17:26:15.0280 4204 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/01 17:26:15.0310 4204 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/01 17:26:15.0355 4204 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/01 17:26:15.0444 4204 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/04/01 17:26:15.0488 4204 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/01 17:26:15.0538 4204 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/01 17:26:15.0572 4204 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/01 17:26:15.0609 4204 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/01 17:26:15.0712 4204 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/01 17:26:15.0739 4204 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/01 17:26:15.0759 4204 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/01 17:26:15.0800 4204 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/01 17:26:15.0821 4204 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/01 17:26:15.0855 4204 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/01 17:26:15.0966 4204 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/01 17:26:16.0026 4204 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/01 17:26:16.0057 4204 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/01 17:26:16.0081 4204 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/01 17:26:16.0135 4204 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/01 17:26:16.0226 4204 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/01 17:26:16.0323 4204 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/01 17:26:16.0451 4204 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/01 17:26:16.0535 4204 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/01 17:26:16.0642 4204 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/04/01 17:26:16.0671 4204 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/01 17:26:16.0736 4204 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/01 17:26:16.0757 4204 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/01 17:26:16.0795 4204 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/01 17:26:16.0832 4204 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/01 17:26:16.0859 4204 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/01 17:26:16.0875 4204 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/01 17:26:16.0902 4204 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/01 17:26:16.0938 4204 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/01 17:26:16.0960 4204 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/01 17:26:17.0002 4204 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/01 17:26:17.0073 4204 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/01 17:26:17.0111 4204 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/01 17:26:17.0178 4204 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/01 17:26:17.0229 4204 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/01 17:26:17.0253 4204 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/01 17:26:17.0304 4204 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/01 17:26:17.0338 4204 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/01 17:26:17.0369 4204 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/01 17:26:17.0434 4204 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/01 17:26:17.0517 4204 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/01 17:26:17.0592 4204 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/01 17:26:17.0647 4204 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/01 17:26:17.0684 4204 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/01 17:26:17.0726 4204 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/01 17:26:17.0809 4204 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/01 17:26:17.0851 4204 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/01 17:26:17.0886 4204 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/01 17:26:17.0913 4204 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/01 17:26:17.0951 4204 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/01 17:26:17.0976 4204 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/01 17:26:18.0003 4204 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/01 17:26:18.0065 4204 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/01 17:26:18.0116 4204 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/01 17:26:18.0147 4204 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/01 17:26:18.0194 4204 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/01 17:26:18.0216 4204 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/01 17:26:18.0244 4204 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/01 17:26:18.0280 4204 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/01 17:26:18.0390 4204 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/01 17:26:18.0436 4204 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/01 17:26:18.0460 4204 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/01 17:26:18.0492 4204 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/01 17:26:18.0522 4204 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/01 17:26:18.0548 4204 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/01 17:26:18.0612 4204 LVcKap (dbbfda5f1a763d72654fcae3713308b0) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/04/01 17:26:18.0718 4204 LVMVDrv (abc526d47203d5d85699c92a90e4676c) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/04/01 17:26:18.0774 4204 LVPr2Mon (50a57d0000ad06feb085c241ce51ae95) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/01 17:26:18.0878 4204 LVUSBSta (dd215df4cfdf535615abb06bd0df4442) C:\Windows\system32\DRIVERS\LVUSBSta.sys
2011/04/01 17:26:18.0915 4204 LVUVC (917e5030bdeb63e2718a9eeb98407685) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/04/01 17:26:18.0955 4204 mdmxsdk (e246a32c445056996074a397da56e815) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/01 17:26:18.0992 4204 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/01 17:26:19.0076 4204 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/01 17:26:19.0132 4204 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/01 17:26:19.0164 4204 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/01 17:26:19.0202 4204 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/01 17:26:19.0228 4204 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/01 17:26:19.0246 4204 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/01 17:26:19.0276 4204 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/01 17:26:19.0344 4204 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/01 17:26:19.0378 4204 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/01 17:26:19.0427 4204 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/01 17:26:19.0457 4204 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/01 17:26:19.0482 4204 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/01 17:26:19.0516 4204 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/01 17:26:19.0587 4204 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/01 17:26:19.0640 4204 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/01 17:26:19.0657 4204 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/01 17:26:19.0682 4204 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/01 17:26:19.0722 4204 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/01 17:26:19.0738 4204 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/01 17:26:19.0760 4204 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/01 17:26:19.0783 4204 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/01 17:26:19.0824 4204 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/01 17:26:19.0889 4204 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/01 17:26:19.0908 4204 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/01 17:26:19.0932 4204 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/01 17:26:19.0970 4204 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/01 17:26:20.0054 4204 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110330.003\NAVENG.SYS
2011/04/01 17:26:20.0100 4204 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110330.003\NAVEX15.SYS
2011/04/01 17:26:20.0193 4204 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/01 17:26:20.0241 4204 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/01 17:26:20.0273 4204 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/01 17:26:20.0296 4204 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/01 17:26:20.0318 4204 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/01 17:26:20.0346 4204 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/01 17:26:20.0419 4204 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/01 17:26:20.0445 4204 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/01 17:26:20.0501 4204 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/01 17:26:20.0531 4204 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/01 17:26:20.0564 4204 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/01 17:26:20.0614 4204 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/01 17:26:20.0689 4204 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/01 17:26:20.0845 4204 nvlddmkm (05200c3a9b1370aa2d8c99f1a464168b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/01 17:26:21.0025 4204 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/01 17:26:21.0046 4204 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/01 17:26:21.0081 4204 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/01 17:26:21.0101 4204 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/01 17:26:21.0162 4204 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/01 17:26:21.0195 4204 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/01 17:26:21.0215 4204 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/01 17:26:21.0252 4204 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/01 17:26:21.0280 4204 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/01 17:26:21.0315 4204 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/01 17:26:21.0393 4204 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/01 17:26:21.0420 4204 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/01 17:26:21.0591 4204 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/01 17:26:21.0620 4204 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/01 17:26:21.0662 4204 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/01 17:26:21.0717 4204 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/01 17:26:21.0763 4204 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/01 17:26:21.0848 4204 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/01 17:26:21.0873 4204 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/01 17:26:21.0914 4204 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/01 17:26:21.0944 4204 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/01 17:26:21.0974 4204 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/01 17:26:21.0995 4204 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/01 17:26:22.0018 4204 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/01 17:26:22.0044 4204 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/01 17:26:22.0063 4204 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/01 17:26:22.0102 4204 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/01 17:26:22.0197 4204 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/01 17:26:22.0226 4204 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/01 17:26:22.0250 4204 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/01 17:26:22.0284 4204 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/01 17:26:22.0343 4204 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/01 17:26:22.0412 4204 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/01 17:26:22.0469 4204 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/01 17:26:22.0516 4204 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/01 17:26:22.0574 4204 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/01 17:26:22.0609 4204 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/01 17:26:22.0660 4204 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/01 17:26:22.0713 4204 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/01 17:26:22.0774 4204 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/01 17:26:22.0827 4204 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/01 17:26:22.0867 4204 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/01 17:26:22.0893 4204 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/01 17:26:22.0914 4204 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/01 17:26:22.0961 4204 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/01 17:26:23.0013 4204 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/01 17:26:23.0044 4204 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/01 17:26:23.0061 4204 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/01 17:26:23.0094 4204 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/01 17:26:23.0130 4204 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/01 17:26:23.0156 4204 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/01 17:26:23.0205 4204 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/01 17:26:23.0292 4204 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/01 17:26:23.0344 4204 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/01 17:26:23.0419 4204 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/01 17:26:23.0419 4204 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/01 17:26:23.0431 4204 sptd - detected Locked file (1)
2011/04/01 17:26:23.0475 4204 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS
2011/04/01 17:26:23.0500 4204 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/04/01 17:26:23.0543 4204 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/04/01 17:26:23.0612 4204 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/01 17:26:23.0645 4204 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/01 17:26:23.0692 4204 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/01 17:26:23.0739 4204 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/04/01 17:26:23.0829 4204 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/04/01 17:26:23.0878 4204 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/01 17:26:23.0928 4204 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/01 17:26:23.0998 4204 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2011/04/01 17:26:24.0036 4204 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/01 17:26:24.0071 4204 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/01 17:26:24.0106 4204 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/01 17:26:24.0185 4204 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/01 17:26:24.0265 4204 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/04/01 17:26:24.0299 4204 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/04/01 17:26:24.0344 4204 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/01 17:26:24.0384 4204 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows\SYSTEM32\Drivers\SysPlant.sys
2011/04/01 17:26:24.0454 4204 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/01 17:26:24.0559 4204 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/01 17:26:24.0600 4204 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/01 17:26:24.0630 4204 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/01 17:26:24.0648 4204 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/01 17:26:24.0680 4204 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/01 17:26:24.0723 4204 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows\system32\DRIVERS\teefer2.sys
2011/04/01 17:26:24.0747 4204 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/01 17:26:24.0802 4204 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/01 17:26:24.0890 4204 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/01 17:26:24.0920 4204 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/01 17:26:24.0948 4204 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/01 17:26:24.0992 4204 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/01 17:26:25.0026 4204 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/01 17:26:25.0056 4204 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/01 17:26:25.0109 4204 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/01 17:26:25.0165 4204 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/01 17:26:25.0196 4204 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/01 17:26:25.0219 4204 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/01 17:26:25.0240 4204 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/01 17:26:25.0269 4204 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/01 17:26:25.0299 4204 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/01 17:26:25.0324 4204 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/01 17:26:25.0347 4204 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/01 17:26:25.0407 4204 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/01 17:26:25.0482 4204 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/01 17:26:25.0509 4204 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/01 17:26:25.0540 4204 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/01 17:26:25.0568 4204 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/01 17:26:25.0594 4204 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/01 17:26:25.0623 4204 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/01 17:26:25.0655 4204 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/01 17:26:25.0719 4204 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/01 17:26:25.0772 4204 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/01 17:26:25.0804 4204 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/01 17:26:25.0827 4204 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/01 17:26:25.0865 4204 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/01 17:26:25.0904 4204 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/01 17:26:25.0935 4204 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/01 17:26:25.0972 4204 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/01 17:26:26.0051 4204 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 17:26:26.0064 4204 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 17:26:26.0114 4204 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/01 17:26:26.0148 4204 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/01 17:26:26.0216 4204 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/01 17:26:26.0234 4204 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/01 17:26:26.0282 4204 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/01 17:26:26.0416 4204 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Program Files\RealTemp_340\WinRing0.sys
2011/04/01 17:26:26.0528 4204 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/01 17:26:26.0594 4204 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows\system32\drivers\wpsdrvnt.sys
2011/04/01 17:26:26.0634 4204 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
2011/04/01 17:26:26.0660 4204 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/01 17:26:26.0708 4204 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/01 17:26:26.0737 4204 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/01 17:26:26.0845 4204 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2011/04/01 17:26:26.0881 4204 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/01 17:26:26.0886 4204 ================================================================================
2011/04/01 17:26:26.0886 4204 Scan finished
2011/04/01 17:26:26.0886 4204 ================================================================================
2011/04/01 17:26:26.0896 4112 Detected object count: 2
2011/04/01 17:26:53.0729 4112 Locked file(sptd) - User select action: Skip
2011/04/01 17:26:53.0779 4112 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/01 17:26:53.0779 4112 \HardDisk0 - ok
2011/04/01 17:26:53.0780 4112 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/01 17:27:04.0895 6104 Deinitialize success

 

[Broni]

Good

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[uNo]

Done. Here are the logs:

MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: MXC062
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 226):
0x82C1B000 \SystemRoot\system32\ntkrnlpa.exe
0x8302B000 \SystemRoot\system32\halmacpi.dll
0x80BCC000 \SystemRoot\system32\kdcom.dll
0x8322F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832A7000 \SystemRoot\system32\PSHED.dll
0x832B8000 \SystemRoot\system32\BOOTVID.dll
0x832C0000 \SystemRoot\system32\CLFS.SYS
0x83302000 \SystemRoot\system32\CI.dll
0x8BA0F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BA80000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BA8E000 \SystemRoot\System32\Drivers\spfu.sys
0x8BB81000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BB8A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8BBB0000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BBF8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x833AD000 \SystemRoot\system32\DRIVERS\pci.sys
0x833D7000 \SystemRoot\System32\drivers\partmgr.sys
0x833E8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x833F0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83200000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BC14000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BC5F000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BC66000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BC74000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BC8A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BC93000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BCB6000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BCBF000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BCF3000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BE2E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF5D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BF88000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BF9B000 \SystemRoot\System32\Drivers\cng.sys
0x8BE00000 \SystemRoot\System32\drivers\pcw.sys
0x8BE0E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BD04000 \SystemRoot\system32\drivers\ndis.sys
0x8BDBB000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C01F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C044000 \SystemRoot\System32\drivers\tcpip.sys
0x8C18D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C1BE000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C233000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C272000 \SystemRoot\System32\Drivers\spldr.sys
0x8C27A000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C2A7000 \SystemRoot\System32\Drivers\mup.sys
0x8C2B7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C2BF000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C2F1000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C302000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C359000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C378000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x9060B000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110330.003\NAVEX15.SYS
0x90756000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x9077B000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110330.003\NAVENG.SYS
0x9078F000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x90799000 \SystemRoot\System32\Drivers\Null.SYS
0x907A0000 \SystemRoot\System32\Drivers\Beep.SYS
0x907A7000 \SystemRoot\System32\drivers\vga.sys
0x907B3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x907D4000 \SystemRoot\System32\drivers\watchdog.sys
0x907E1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x907E9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x907F1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90600000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C3C2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C3D0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C3E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C200000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x8C3F2000 \??\C:\Windows\system32\drivers\wpsdrvnt.sys
0x98826000 \SystemRoot\system32\drivers\afd.sys
0x98880000 \SystemRoot\System32\DRIVERS\netbt.sys
0x988B2000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x988B9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x988D8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x988E9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x988F7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9890A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9891A000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x98984000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x989C5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x989CF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x98C1B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x98C79000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x98C96000 \SystemRoot\System32\drivers\discache.sys
0x98CA2000 \SystemRoot\system32\drivers\csc.sys
0x98D06000 \SystemRoot\System32\Drivers\dfsc.sys
0x98D1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x98D2C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x98D4D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x98D5F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x98D68000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x99620000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x99426000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x994DD000 \SystemRoot\System32\drivers\dxgmms1.sys
0x99516000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9F422000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x9F524000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9F52F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9F57A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9F589000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x9F59A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9F5C6000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x9F5DF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x9F400000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x99535000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x99586000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9959E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9F414000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9F5ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x995C9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x99D52000 \SystemRoot\System32\Drivers\atzh89an.SYS
0x995D6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x995E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x99400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9F416000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x99D8B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x99DAD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x99DC5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x99DDC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x99418000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x99600000 \SystemRoot\system32\DRIVERS\teefer2.sys
0x9F5FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x98D6C000 \SystemRoot\system32\DRIVERS\ks.sys
0x98DA0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x98DAE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x81E31000 \SystemRoot\system32\drivers\stwrt.sys
0x81E86000 \SystemRoot\system32\drivers\portcls.sys
0x81EB5000 \SystemRoot\system32\drivers\drmk.sys
0x81ECE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x81F08000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8220D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x822C3000 \SystemRoot\system32\drivers\modem.sys
0x822D0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x822DD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x82660000 \SystemRoot\System32\win32k.sys
0x822E8000 \SystemRoot\System32\drivers\Dxapi.sys
0x822F2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x822FB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8230C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x82323000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8232E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x82341000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D01B000 \SystemRoot\system32\DRIVERS\LVMVDrv.sys
0x8D000000 \SystemRoot\system32\DRIVERS\LVUSBSta.sys
0x8D220000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0x8D328000 \SystemRoot\system32\drivers\usbaudio.sys
0x8D416000 \SystemRoot\system32\DRIVERS\LVcKap.sys
0x8D5B2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D5BE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D5C9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8D5D4000 \SystemRoot\system32\drivers\btusbflt.sys
0x8D5DE000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8D33C000 \SystemRoot\System32\Drivers\bthport.sys
0x828C0000 \SystemRoot\System32\TSDDD.dll
0x8D3A0000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8D5F0000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8D3C4000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x828F0000 \SystemRoot\System32\cdd.dll
0x82910000 \SystemRoot\System32\ATMFD.DLL
0x8D3DF000 \SystemRoot\system32\drivers\luafv.sys
0x8D200000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D400000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82348000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D009000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8238E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA5019000 \SystemRoot\system32\drivers\HTTP.sys
0xA509E000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA50B7000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA50C9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA50EC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA5127000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA515A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA515E000 \SystemRoot\system32\drivers\peauth.sys
0xA51F5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x823A1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA5000000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x823C2000 \??\C:\Windows\system32\drivers\WpsHelper.sys
0xA5005000 \SystemRoot\System32\drivers\tcpipreg.sys
0x81E00000 \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
0xA9234000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9283000 \SystemRoot\System32\DRIVERS\srv.sys
0xA92D4000 \??\C:\Program Files\RealTemp_340\WinRing0.sys
0xA92D6000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA92DB000 \SystemRoot\system32\drivers\spsys.sys
0x775E0000 \Windows\System32\ntdll.dll
0x47FF0000 \Windows\System32\smss.exe
0x77820000 \Windows\System32\apisetschema.dll
0x00610000 \Windows\System32\autochk.exe
0x773E0000 \Windows\System32\iertutil.dll
0x77770000 \Windows\System32\advapi32.dll
0x77760000 \Windows\System32\normaliz.dll
0x77380000 \Windows\System32\difxapi.dll
0x771E0000 \Windows\System32\setupapi.dll
0x77720000 \Windows\System32\ws2_32.dll
0x770A0000 \Windows\System32\urlmon.dll
0x76450000 \Windows\System32\shell32.dll
0x76440000 \Windows\System32\psapi.dll
0x76360000 \Windows\System32\kernel32.dll
0x76260000 \Windows\System32\wininet.dll
0x761D0000 \Windows\System32\clbcatq.dll
0x76070000 \Windows\System32\ole32.dll
0x76020000 \Windows\System32\gdi32.dll
0x75F50000 \Windows\System32\msctf.dll
0x75E80000 \Windows\System32\user32.dll
0x75E20000 \Windows\System32\shlwapi.dll
0x75DA0000 \Windows\System32\comdlg32.dll
0x75D70000 \Windows\System32\imagehlp.dll
0x75CE0000 \Windows\System32\oleaut32.dll
0x75C90000 \Windows\System32\Wldap32.dll
0x75BF0000 \Windows\System32\usp10.dll
0x75BE0000 \Windows\System32\lpk.dll
0x75B30000 \Windows\System32\rpcrt4.dll
0x75B10000 \Windows\System32\imm32.dll
0x75AF0000 \Windows\System32\sechost.dll
0x75AE0000 \Windows\System32\nsi.dll
0x75A30000 \Windows\System32\msvcrt.dll
0x75A10000 \Windows\System32\devobj.dll
0x75980000 \Windows\System32\comctl32.dll
0x75950000 \Windows\System32\cfgmgr32.dll
0x75920000 \Windows\System32\wintrust.dll
0x758D0000 \Windows\System32\KernelBase.dll
0x757B0000 \Windows\System32\crypt32.dll
0x757A0000 \Windows\System32\msasn1.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 61):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
416 csrss.exe
500 csrss.exe
508 C:\Windows\System32\wininit.exe
556 C:\Windows\System32\winlogon.exe
604 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\nvvsvc.exe
816 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
992 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1060 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\audiodg.exe
1204 C:\Windows\System32\svchost.exe
1288 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1304 C:\Windows\System32\rundll32.exe
1404 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\WLTRYSVC.EXE
1512 C:\Windows\System32\wlanext.exe
1520 C:\Windows\System32\conhost.exe
1528 C:\Windows\System32\BCMWLTRY.EXE
1552 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1836 C:\Windows\System32\spoolsv.exe
1880 C:\Windows\System32\svchost.exe
1968 C:\Windows\System32\taskhost.exe
324 C:\Windows\System32\dwm.exe
732 C:\Windows\explorer.exe
2024 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
1036 C:\Windows\System32\CTSVCCDA.EXE
2244 C:\Program Files\DU Meter\DUMeterSvc.exe
2312 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
2380 C:\Windows\System32\rundll32.exe
2404 C:\Windows\System32\stacsv.exe
2424 C:\Windows\System32\rundll32.exe
2588 C:\Windows\System32\WLTRAY.EXE
2636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2748 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
2828 C:\Program Files\DU Meter\DUMeter.exe
2840 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
2884 C:\Program Files\DAEMON Tools Lite\DTLite.exe
2908 C:\Program Files\Dell\QuickSet\quickset.exe
2928 C:\Program Files\RealTemp_340\RealTemp.exe
3052 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
3356 WmiPrvSE.exe
3548 C:\Windows\System32\SearchIndexer.exe
3648 C:\Windows\System32\svchost.exe
3712 C:\Windows\System32\svchost.exe
2196 C:\Windows\System32\svchost.exe
2580 C:\Program Files\Windows Media Player\wmpnetwk.exe
1440 C:\Program Files\Internet Explorer\iexplore.exe
312 C:\Program Files\Internet Explorer\iexplore.exe
4688 C:\Program Files\Internet Explorer\iexplore.exe
5304 C:\Windows\System32\sppsvc.exe
5460 C:\Users\ul7o\Desktop\MBRCheck.exe
5476 C:\Windows\System32\conhost.exe
5532 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`00000000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC70E

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ComboFix.txt:

ComboFix 11-04-01.01 - ul7o 04/01/2011 22:51:30.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2459 [GMT -4:00]
Running from: c:\users\ul7o\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}
c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\chrome.manifest
c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\chrome\content\_cfg.js
c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\chrome\content\overlay.xul
c:\users\ul7o\AppData\Local\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}\install.rdf
c:\users\ul7o\AppData\Roaming\Adobe\plugs
c:\users\ul7o\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 02:55 . 2011-04-02 02:56 -------- d-----w- c:\users\ul7o\AppData\Local\temp
2011-04-02 02:55 . 2011-04-02 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\users\ul7o\AppData\Roaming\Malwarebytes
2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\programdata\Malwarebytes
2011-03-30 02:13 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 02:13 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 01:30 . 2011-03-30 01:30 0 ----a-w- c:\users\ul7o\AppData\Local\Xjuwayew.bin
2011-03-30 01:17 . 2011-03-30 01:17 -------- d-----w- c:\windows\Sun
2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-30 00:58 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-30 00:58 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-30 00:58 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-30 00:58 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-30 00:58 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-30 00:58 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-17 21:42 . 2011-03-17 21:42 -------- d-----w- c:\windows\system32\SPReview
2011-03-10 22:41 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-10 22:41 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-10 22:41 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-10 22:41 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 22:41 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-07 06:30 . 2011-03-07 06:30 -------- d-----w- c:\windows\system32\EventProviders
2011-03-04 23:24 . 2011-03-04 23:24 -------- d-----w- c:\programdata\Maxtor
2011-03-04 23:23 . 2011-03-04 23:23 -------- d-----w- c:\program files\Seagate
2011-03-04 23:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 07:27 . 2011-02-11 04:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-11 04:05 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 20:07 . 2011-01-02 20:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-18 17:53 . 2011-03-30 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-12-19 45056]
RealTemp.lnk - c:\program files\RealTemp_340\RealTemp.exe [2010-12-18 184176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^ul7o^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\ul7o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-08-26 10:18 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-02-13 15:37 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-13 15:38 774680 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 05:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-02 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 20:23];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 17:18 87536]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2009-03-13 504832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-17 102448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*Deregistered* - WinRing0_1_2_0
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\users\ul7o\AppData\Roaming\Mozilla\Firefox\Profiles\18gf7str.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\ul7o\AppData\Roaming\Macromedia\Flash Player\
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 22:57:41
ComboFix-quarantined-files.txt 2011-04-02 02:57
.
Pre-Run: 80,655,441,920 bytes free
Post-Run: 80,314,445,824 bytes free
.
- - End Of File - - 4C7B4556BCEC273B0751D5F100E5E149

 

[Broni]

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\ul7o\AppData\Local\Xjuwayew.bin

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[uNo]

Done. ComboFIX took 5 times as long as it did the 1st time around. Here is the log:

ComboFix 11-04-01.01 - ul7o 04/01/2011 23:27:19.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2449 [GMT -4:00]
Running from: c:\users\ul7o\Desktop\ComboFix.exe
Command switches used :: c:\users\ul7o\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\ul7o\AppData\Local\Xjuwayew.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ul7o\AppData\Local\Xjuwayew.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 03:36 . 2011-04-02 03:37 -------- d-----w- c:\users\ul7o\AppData\Local\temp
2011-04-02 03:36 . 2011-04-02 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\users\ul7o\AppData\Roaming\Malwarebytes
2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\programdata\Malwarebytes
2011-03-30 02:13 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 02:13 . 2011-03-30 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-30 02:13 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 01:17 . 2011-03-30 01:17 -------- d-----w- c:\windows\Sun
2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-30 00:58 . 2011-03-18 17:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-30 00:58 . 2011-03-18 17:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-30 00:58 . 2011-03-18 17:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-30 00:58 . 2011-03-18 17:53 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-30 00:58 . 2011-03-18 17:53 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-30 00:58 . 2011-03-18 17:53 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-30 00:58 . 2011-03-18 17:53 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-17 21:42 . 2011-03-17 21:42 -------- d-----w- c:\windows\system32\SPReview
2011-03-10 22:41 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-10 22:41 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-10 22:41 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-10 22:41 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 22:41 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-07 06:30 . 2011-03-07 06:30 -------- d-----w- c:\windows\system32\EventProviders
2011-03-04 23:24 . 2011-03-04 23:24 -------- d-----w- c:\programdata\Maxtor
2011-03-04 23:23 . 2011-03-04 23:23 -------- d-----w- c:\program files\Seagate
2011-03-04 23:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 07:27 . 2011-02-11 04:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-11 04:05 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-02 20:07 . 2011-01-02 20:07 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-18 17:53 . 2011-03-30 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2009-03-13 1058816]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-12-19 45056]
RealTemp.lnk - c:\program files\RealTemp_340\RealTemp.exe [2010-12-18 184176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^ul7o^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\ul7o\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 09:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-08-26 10:18 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-02-13 15:37 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-02-13 15:38 774680 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 05:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 18:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-02 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/18 20:23];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 17:18 87536]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2009-03-13 504832]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-17 102448]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
FF - ProfilePath - c:\users\ul7o\AppData\Roaming\Mozilla\Firefox\Profiles\18gf7str.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-4603232-3277971173-2246861519-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 23:47:09
ComboFix-quarantined-files.txt 2011-04-02 03:47
ComboFix2.txt 2011-04-02 02:57
.
Pre-Run: 80,476,246,016 bytes free
Post-Run: 80,437,633,024 bytes free
.
- - End Of File - - C9CF1E7314AB59AC36AD8E32B24559A3

 

[Broni]

Looks good

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[uNo]

Done.

OTL.txt:

OTL logfile created on: 4/2/2011 12:00:12 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ul7o\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.90 Gb Total Space | 74.97 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 365.76 Gb Total Space | 336.91 Gb Free Space | 92.11% Space Free | Partition Type: NTFS

Computer Name: UL7O-PC | User Name: ul7o | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
PRC - [2010/12/19 16:28:16 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/17 19:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 21:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/13 14:13:12 | 001,058,816 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2009/03/13 14:13:12 | 000,504,832 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/04/27 09:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/09 11:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2007/04/27 09:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/19 16:28:16 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/17 19:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 19:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 18:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 21:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/03/13 14:13:12 | 000,504,832 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/02/13 11:44:34 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/13 11:42:50 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/02/15 11:33:34 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110330.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/02/15 11:33:34 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/02/15 11:33:34 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110330.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/01/02 16:07:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/18 20:44:02 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/17 11:06:54 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/08/26 13:18:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/18 20:23:42] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/04/14 02:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/09/17 19:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 19:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/03 17:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 17:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 12:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 21:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 21:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 21:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/05/27 15:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/01/30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/13 11:42:28 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/13 11:42:04 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/13 11:39:54 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/20 19:07:00 | 001,085,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Dell Notebooks(UVC)
DRV - [2006/11/20 19:07:00 | 000,040,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 96 17 4A B7 9F CB 01 [binary data]
IE - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 21:40:50 | 000,000,000 | ---D | M]

[2010/12/19 18:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ul7o\AppData\Roaming\Mozilla\Extensions
[2010/12/19 18:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ul7o\AppData\Roaming\Mozilla\Firefox\Profiles\18gf7str.default\extensions
[2011/03/29 20:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/18 21:34:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\UL7O\APPDATA\LOCAL\{4DBAD5A1-2534-4AEF-8177-DE15CAD61E60}
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/12/18 21:34:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/01 23:36:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn2.safelnk.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)


========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 23:58:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
[2011/04/01 23:47:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/01 23:47:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/01 23:47:24 | 000,000,000 | ---D | C] -- C:\Users\ul7o\AppData\Local\temp
[2011/04/01 23:25:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/01 22:50:20 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/01 22:50:20 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/01 22:50:20 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/01 22:50:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/01 22:49:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/01 17:24:36 | 000,000,000 | ---D | C] -- C:\Users\ul7o\Desktop\tdsskiller
[2011/04/01 17:23:08 | 000,000,000 | ---D | C] -- C:\Users\ul7o\AppData\Roaming\WinRAR
[2011/03/31 18:17:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\ul7o\Desktop\TFC.exe
[2011/03/29 22:13:45 | 000,000,000 | ---D | C] -- C:\Users\ul7o\AppData\Roaming\Malwarebytes
[2011/03/29 22:13:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/29 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/29 22:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/29 22:13:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/29 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/29 21:40:23 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/29 21:17:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/03/17 17:42:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/03/07 02:30:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/07 02:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/03/07 01:59:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/04 19:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Maxtor
[2011/03/04 19:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2011/03/04 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate

========== Files - Modified Within 30 Days ==========

[2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
[2011/04/01 23:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/01 23:08:15 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 23:08:15 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/01 23:05:21 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/01 23:05:21 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/01 23:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/01 23:00:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011/04/01 23:00:41 | 2615,820,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/01 22:25:48 | 004,311,769 | R--- | M] () -- C:\Users\ul7o\Desktop\ComboFix.exe
[2011/04/01 22:23:13 | 000,080,384 | ---- | M] () -- C:\Users\ul7o\Desktop\MBRCheck.exe
[2011/03/31 18:53:51 | 000,625,664 | ---- | M] () -- C:\Users\ul7o\Desktop\dds.scr
[2011/03/31 18:31:52 | 000,301,568 | ---- | M] () -- C:\Users\ul7o\Desktop\qhflcuhb.exe
[2011/03/31 18:17:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\TFC.exe
[2011/03/29 21:30:33 | 000,000,120 | ---- | M] () -- C:\Users\ul7o\AppData\Local\Kgojazalebin.dat
[2011/03/29 20:58:34 | 000,001,990 | ---- | M] () -- C:\Users\ul7o\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/29 20:58:27 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/21 17:31:45 | 279,641,961 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/05 23:12:32 | 001,420,741 | ---- | M] () -- C:\Users\ul7o\Desktop\Baptism.mp3
[2011/03/05 22:35:38 | 010,249,960 | ---- | M] () -- C:\Users\ul7o\Desktop\04_Baptism_(Album_Version).mp3

========== Files Created - No Company Name ==========

[2011/04/01 22:50:20 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/01 22:50:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/01 22:50:20 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/01 22:50:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/01 22:50:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/01 22:25:45 | 004,311,769 | R--- | C] () -- C:\Users\ul7o\Desktop\ComboFix.exe
[2011/04/01 22:23:13 | 000,080,384 | ---- | C] () -- C:\Users\ul7o\Desktop\MBRCheck.exe
[2011/03/31 18:53:49 | 000,625,664 | ---- | C] () -- C:\Users\ul7o\Desktop\dds.scr
[2011/03/31 18:31:49 | 000,301,568 | ---- | C] () -- C:\Users\ul7o\Desktop\qhflcuhb.exe
[2011/03/29 21:30:33 | 000,000,120 | ---- | C] () -- C:\Users\ul7o\AppData\Local\Kgojazalebin.dat
[2011/03/29 20:58:27 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/29 20:58:27 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/15 21:26:09 | 008,751,795 | ---- | C] () -- C:\Users\ul7o\Desktop\Control_Systems_Engineering_By_Nise_Solution_Manual.pdf
[2011/03/05 23:12:24 | 001,420,741 | ---- | C] () -- C:\Users\ul7o\Desktop\Baptism.mp3
[2011/03/05 22:35:38 | 010,249,960 | ---- | C] () -- C:\Users\ul7o\Desktop\04_Baptism_(Album_Version).mp3
[2010/12/19 18:40:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/19 16:47:23 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2010/12/19 16:47:22 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2010/12/19 16:47:22 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2010/12/19 16:22:58 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/12/19 16:13:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/12/19 16:10:44 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010/12/19 16:10:43 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010/12/18 21:37:37 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2010/12/18 21:35:03 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/18 21:35:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/12/18 21:35:01 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/18 21:35:01 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/18 21:35:01 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,762,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/02/13 11:42:28 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/02/13 11:39:54 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010/12/18 21:19:08 | 000,000,000 | ---D | M] -- C:\Users\ul7o\AppData\Roaming\ACD Systems
[2011/01/02 16:11:56 | 000,000,000 | ---D | M] -- C:\Users\ul7o\AppData\Roaming\DAEMON Tools Lite
[2010/12/28 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\ul7o\AppData\Roaming\Juniper Networks
[2011/03/30 23:04:05 | 000,025,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/04/01 23:47:14 | 000,031,479 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/01 23:00:41 | 2615,820,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/19 16:10:35 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2010/12/19 16:10:35 | 000,022,729 | ---- | M] () -- C:\newkey
[2011/04/01 23:00:45 | 3487,764,480 | -HS- | M] () -- C:\pagefile.sys
[2011/04/01 17:27:04 | 000,073,942 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.04.2011_17.25.51_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 21:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/12/18 20:57:19 | 000,000,221 | -HS- | M] () -- C:\Users\ul7o\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/01 22:25:48 | 004,311,769 | R--- | M] () -- C:\Users\ul7o\Desktop\ComboFix.exe
[2011/04/01 22:23:13 | 000,080,384 | ---- | M] () -- C:\Users\ul7o\Desktop\MBRCheck.exe
[2011/04/01 23:58:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\OTL.exe
[2011/03/31 18:31:52 | 000,301,568 | ---- | M] () -- C:\Users\ul7o\Desktop\qhflcuhb.exe
[2011/03/31 18:17:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\ul7o\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2007/10/10 19:53:06 | 000,000,750 | R--- | M] () -- C:\Windows\AppPatch\Custom\{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/18 22:04:52 | 000,000,402 | -HS- | M] () -- C:\Users\ul7o\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[uNo]

Extras.txt:

OTL Extras logfile created on: 4/2/2011 12:00:12 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ul7o\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.90 Gb Total Space | 74.97 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 365.76 Gb Total Space | 336.91 Gb Free Space | 92.11% Space Free | Partition Type: NTFS

Computer Name: UL7O-PC | User Name: ul7o | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9932886E-7874-4BA1-A1AA-E61EA5A9352D}" = Logitech QuickCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DUMeter3_is1" = DU Meter
"InstallShield_{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.6
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"quicktime_lite_is1" = QT Lite 4.0.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4603232-3277971173-2246861519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2011 9:29:54 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 3/30/2011 9:34:31 PM | Computer Name = ul7o-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x430 Faulting application start time: 0x01cbef41de317ad2 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 0629d9ca-5b37-11e0-8c3d-8b86ceba1050

Error - 3/30/2011 10:13:03 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Risk Found!Backdoor.Trojan in File: d:\For Bubs\ETAP 6 PETA. MEDICINE.zip
by: Manual scan. Action: Compressed file processing succeeded. Action Description:
The file was left unchanged. Security Risk Found!Backdoor.Trojan in File: d:\For
Bubs\ETAP 6 PETA. MEDICINE.zip by: Manual scan. Action: Compressed file processing
succeeded. Action Description: The file was left unchanged. Security Risk Found!Backdoor.Trojan
in File: d:\Free To Air\Cool Sat\ROM102\Utilties.zip>>...>>AutoPlay/Docs/wiem32_build_12/wiem32.exe
by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was
deleted successfully. Risk Found!Backdoor.Trojan in File: d:\Free To Air\Cool Sat\ROM102\Utilties.zip>>...>>AutoPlay/Docs/wiem32_build_12/wiem32.exe
by: Manual scan. Action: Cleaned by Deletion. Action Description: The file was
deleted successfully.

Error - 3/30/2011 10:47:56 PM | Computer Name = ul7o-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x430 Faulting application start time: 0x01cbef4c1a7524f5 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 47e4e3a9-5b41-11e0-b5c1-c5b157973f56

Error - 3/30/2011 11:04:05 PM | Computer Name = ul7o-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x1598 Faulting application start time: 0x01cbef4e0b9015f8 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 891d32c6-5b43-11e0-b5c1-c5b157973f56

Error - 3/31/2011 6:19:14 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
C:\Users\ul7o\Desktop\TFC.exe (PID 5656) Time: Thursday, March 31, 2011 6:19:14
PM

Error - 3/31/2011 6:19:14 PM | Computer Name = ul7o-PC | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Logged
Actor
Process: C:\Users\ul7o\Desktop\TFC.exe (PID 5656) Time: Thursday, March 31, 2011
6:19:14 PM

Error - 3/31/2011 9:16:24 PM | Computer Name = ul7o-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/31/2011 10:16:37 PM | Computer Name = ul7o-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/31/2011 11:16:35 PM | Computer Name = ul7o-PC | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ System Events ]
Error - 4/1/2011 10:59:24 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 4/1/2011 11:01:11 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 4/1/2011 11:01:14 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 4/1/2011 11:01:16 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 4/1/2011 11:01:17 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 4/1/2011 11:26:02 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/1/2011 11:26:56 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/1/2011 11:26:58 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/1/2011 11:30:33 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/1/2011 11:37:07 PM | Computer Name = ul7o-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

 

[Broni]

Looks good

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[uNo]

Done.

Here is the SecurityCheck log:

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Symantec Endpoint Protection
BlackArmor Discovery
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

I received these 2 Notification alerts from Symantec after I ran TFC:

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: C:\Users\ul7o\Desktop\TFC.exe (PID 4464)
Time: Saturday, April 02, 2011 2:09:40 PM

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Process
Action Taken: Logged
Actor Process: C:\Users\ul7o\Desktop\TFC.exe (PID 4464)
Time: Saturday, April 02, 2011 2:09:40 PM


Finally, here is the log from ESETScan:

D:\BACK UP\-=Applications=-\Nero Ultra 8.3.6.0\Nero-8.3.6.0_eng_trial (from Nero site).exe Win32/Toolbar.AskSBar application

Thank You for your help.

 

[Broni]

Symantec alert was triggered by a legit, safe program, which we just used - TFC.
Disregard Norton's warning.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[uNo]

Thank you for your help. My computer seems to be working properly. Here is the resulting OTL log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ul7o
->Temp folder emptied: 16761 bytes
->Temporary Internet Files folder emptied: 9633788 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ul7o
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 04022011_234026

Files\Folders moved on Reboot...
C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FR5I6XN2\sh36[1].html moved successfully.
C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7URVZVF\crosspixel-dest[1].htm moved successfully.
C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7URVZVF\topic163254[1].html moved successfully.
C:\Users\ul7o\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

 

[Broni]

Way to go!!

Good luck and stay safe